Resources

Azimuth employees are active participants in the security community, regularly speaking at conferences, publishing whitepapers, and discovering new types of vulnerabilities. This page highlights a cross-section of some of our more recent notable work, and provides a place for us to publish ongoing and future research.

Publications

Azimuth consultants have long been active participants in the security community. Some of our larger contributions include a comprehensive book on software security assessment, and a supporting blog and website focused on software security.

This is a 1200-page Addison-Wesley Professional book focusing on software security assessment. It teaches the reader how to audit applications across a wide range of technologies and platforms. The book's primary focus is on using manual source code review to find security flaws, and it reinforces this skill with extensive examples drawn from real-world code.

This website was created to support our book and to provide a platform for the authors to publish additional material. Several original articles are published here, including security research, coding challenges, example vulnerable code, and a collection of resources and links for each chapter of the book.

Whitepapers

Azimuth consultants have authored several notable whitepapers on security research topics.

This paper discusses several innovative exploitation techniques for the Windows XP and Windows 2003 operating systems. It specifically focuses on an undocumented part of the heap implementation named the heap cache, which is responsible for large block allocations.

This paper discusses the exploitation of a specific flaw uncovered in Adobe Flash. Specifically, it explores a technique that incorporates the ActionScript Virtual Machine (AVM) to reliably exploit a memory corruption flaw that would otherwise be difficult to leverage with traditional techniques.

In addition to our whitepapers, Azimuth consultants regularly speak at a variety of industry conferences. This section contains the research papers and slides from these talks.

This presentation introduces a mini bug-class affecting the Windows kernel. It specifically focuses on the types of problems that can occur when unprivileged users are able to access and manipulate the Windows atom table in unexpected ways. Several real-world examples are presented in this talk that show these attacks in action.

This presentation discusses several unique classes of vulnerabilities specific to interoperability layers within complex applications, with particular focus on contemporary web browsers. The talk covers object retention, type confusion, and transitive trust. It included the disclosure of several vulnerabilities, including the much-publicized Internet Explorer killbit bypass.

This presentation covered much of the same material as the Black Hat Las Vegas 2009 presentation, with several additions regarding automatic enumeration of the attack surface.

This talk focuses on heap exploitation techniques specific to the Windows XP and Windows 2003 operating systems. Several methodologies are discussed for creating favorable memory layout patterns and manipulating heap data structures in order to create robust exploits for heap memory-corruption vulnerabilities. Many of the techniques covered build on well-documented prior heap research, with a healthy mix of original content that treads new ground.

This presentation focused on several techniques that could be used within web browsers to bypass the memory protection features incorporated into Windows Vista. Several innovative new techniques were introduced, including stack spraying, Java RWX allocations, and statically-located .NET user controls.

This talk focuses on the security exposure of the DirectShow framework present on Windows operating systems. Here, we explore how codecs (also known as DirectShow filters) are registered on the system, what attack surface each codec exposes, and how to enumerate the codecs on a given system. From there, we discuss the types of vulnerabilities commonly found in such codecs and give several real-world examples.